Introduction to the Discuz verification process
海云, 2025-06-28, Discuz tutorials
Heh....
-- Question -----
What is the secques field of the cdb_members table for? (It is used for secondary verification of operations.)
-- Findings
SELECT groupid='6' AS ipbanned
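-- Meaning: if groupid='6', then ipbanned evaluates to true, i.e. 1
----- Visit after clearing all client-side cookies ---------------
--- This query is for the visit statistics at the bottom of the forum
---- Delete all guests
DELETE FROM cdb_sessions
WHERE sid='9brXS4' -- not clear where this sid comes from (possibly random)
OR lastactivity<(1166753279-900) -- guests with no activity for 15 minutes
OR ('0'<>'0' AND uid='0') -- this condition is always false, since 0 of course equals 0
OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166753279-60) -- or guests from the same IP active within the last minute (i.e. removes duplicate records for the same IP)
---- Insert this guest's record into the session table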
INSERT INTO cdb_sessions
(sid, ip1, ip2, ip3, ip4,
uid, username, groupid, styleid, invisible, action,
lastactivity, -- the current time is used as the activity time
lastolupdate, seccode, -- seccode: a security code? Not sure what it is used for
fid, tid, bloguid)
VALUES ('9brXS4', '127', '0', '0', '1',
'0', '', '7', '1', '0', '1', '1166753279', '0', '9373', '0', '0', '0')
-- Online user information ------
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
----- /////////////////// Login process /////////////////////////////
---------- The following statements appear to be useless -----------
SELECT uid, secques FROM cdb_members WHERE username='admin'
UPDATE cdb_members SET username='admin', password='45e153xxxxxxx87cb6bf8', email='dfds@126.com'
WHERE uid='1054'
---------- This looks like duplicated work ---------------
SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques,
adminid, groupid, groupexpiry, extgroupids, email, timeoffset, styleid, tpp, ppp, posts, digestposts, oltime, pageviews, credits,
extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, timeformat,
dateformat, pmsound, sigstatus, invisible, lastvisit, lastactivity, lastpost, newpm, accessmasks, xspacestatus, editormode, customshow
FROM cdb_members WHERE uid='1054' AND password='45e1534xxxxxxx387cb6bf8' AND secques=''
--- Query forum thread count information ------
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
--- Query forum thread count information ------
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
--- Query forum thread count information ------
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
-- Query forum information ---
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
--online time--
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166754541'
WHERE uid='1054' AND lastupdate<='1166753941'
-- Online user data -----
DELETE FROM cdb_sessions WHERE sid='QvC8mm' OR lastactivity<(1166754541-900) OR ('1054'<>'0' AND uid='1054') OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166754541-60)
INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid)
VALUES ('QvC8mm', '127', '0', '0', '1', '1054', 'admin', '1', '1', '0', '1', '1166754541', '1166754541', '2124', '0', '0', '0')
--- Update the member record after the visit
UPDATE cdb_members SET lastip='127.0.0.1', lastvisit=lastactivity, lastactivity='1166754541' WHERE uid='1054'
-- Online user information ------
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
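----- Ordinary member's visit /////////////////////////////
-- sid comes from the cookie cdb_sid=QvC8mm. This checks not only the cookie but also the IP, ensuring that the visiting user's identity comes from the same IP,
-- so the probability of being spoofed through a copied cookie is greatly reduced. For a forum, security down to the IP level should be sufficient. Besides, cdb_sid is a random string.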
SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
FROM cdb_sessions WHERE sid='QvC8mm' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='127.0.0.1'
-- Query member information. Now we know why Discuz forums need to purge members regularly: this operation is so frequent.
SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw,
m.secques AS discuz_secques, m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset,
m.tpp, m.ppp, m.posts, m.digestposts, m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,
m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,
m.lastvisit, m.lastactivity, m.lastpost, m.newpm, m.accessmasks,m.xspacestatus, m.editormode, m.customshow
FROM cdb_members m WHERE uid='1054'
-- Query forum information -----------
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
-- online time, every 10 minutes
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166755500'
WHERE uid='1054' AND lastupdate<='1166754900'
-- Update the member's session record
UPDATE cdb_sessions SET uid='1054', username='admin', groupid='1', styleid='1', invisible='0', action='1',
lastactivity='1166755500', lastolupdate='1166755500', seccode='2124', fid='0', tid='0', bloguid='0' ,
pageviews=pageviews+1 WHERE sid='QvC8mm'
-- Online user information ------
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
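
Added example (not part of the original post and not Discuz's own code): the session cleanup and the sid + IP lookup logged above, reproduced in Python against an in-memory SQLite table so the behaviour can be run and checked. Assumptions: a reduced column set, `||` in place of MySQL's CONCAT_WS, parameterized queries, and the constructed values sid 'zzTEST' and addresses 10.0.0.5 and 192.0.2.9. Any client that presents the sid from the matching address is accepted, so clients sharing one address are not told apart.

```python
import sqlite3

SESSION_TTL = 900  # seconds; the logged DELETE uses lastactivity<(now-900)
GUEST_DEDUP = 60   # seconds; the logged DELETE uses lastactivity>now-60

def open_db():
    # Assumption: reduced column set of cdb_sessions, in-memory SQLite.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cdb_sessions (sid TEXT PRIMARY KEY, ip1 INT, ip2 INT,"
               " ip3 INT, ip4 INT, uid INT, groupid INT, lastactivity INT)")
    return db

def start_session(db, sid, ip, uid, groupid, now):
    """Cleanup DELETE, then INSERT, mirroring the logged statement pair."""
    o = [int(x) for x in ip.split(".")]
    db.execute(
        "DELETE FROM cdb_sessions WHERE sid=? OR lastactivity<? "
        "OR (?<>0 AND uid=?) "  # drops a member's earlier session
        "OR (uid=0 AND ip1=? AND ip2=? AND ip3=? AND ip4=? AND lastactivity>?)",
        (sid, now - SESSION_TTL, uid, uid, *o, now - GUEST_DEDUP))
    db.execute("INSERT INTO cdb_sessions VALUES (?,?,?,?,?,?,?,?)",
               (sid, *o, uid, groupid, now))

def lookup_session(db, sid, ip):
    """Return (uid, ipbanned) only when both sid and client IP match."""
    row = db.execute(
        "SELECT uid, groupid=6 FROM cdb_sessions "
        "WHERE sid=? AND ip1||'.'||ip2||'.'||ip3||'.'||ip4=?",  # CONCAT_WS stand-in
        (sid, ip)).fetchone()
    return None if row is None else (row[0], bool(row[1]))

def demo():
    db, now = open_db(), 1166754541
    start_session(db, "QvC8mm", "127.0.0.1", 1054, 1, now)
    same_ip = lookup_session(db, "QvC8mm", "127.0.0.1")
    other_ip = lookup_session(db, "QvC8mm", "10.0.0.5")  # constructed address
    # A second login by uid 1054 removes the earlier sid.
    start_session(db, "5sS9P0", "127.0.0.1", 1054, 1, now + 30)
    replaced = lookup_session(db, "QvC8mm", "127.0.0.1")
    # A guest row disappears once a later request runs the cleanup after 15 min.
    start_session(db, "9brXS4", "127.0.0.1", 0, 7, now + 40)
    start_session(db, "zzTEST", "192.0.2.9", 0, 7, now + 941)  # constructed
    expired = lookup_session(db, "9brXS4", "127.0.0.1")
    return same_ip, other_ip, replaced, expired

if __name__ == "__main__":
    print(demo())
```
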
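----- Verification of ordinary member operations /////////////////////////////
------- Passport login process \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-- After the passport login succeeds, the password and a few other fields are encrypted and written to the cookie cdb_auth. When you visit the forum again, it first checks
-- whether cdb_sid exists, then whether cdb_auth exists. If it does, it takes cdb_auth, decrypts it, and compares the password and uid against the database table; if they match, it generates cdb_sid and
-- inserts a record into the session table.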
SELECT * FROM `cdb_members` WHERE username = 'testxx'
SELECT uid, secques FROM cdb_members WHERE username='testxx'
UPDATE cdb_members SET username='testxx', password='52c69e3a57331099999991c4e69d3f2e', email='99@99.com'
WHERE uid='852'
061222 13:45:47 3 Connect root@localhost on
SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques,
adminid, groupid, groupexpiry, extgroupids, email, timeoffset, styleid, tpp, ppp, posts, digestposts, oltime, pageviews, credits,
extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, timeformat,
dateformat, pmsound, sigstatus, invisible, lastvisit, lastactivity, lastpost, newpm, accessmasks, xspacestatus, editormode, customshow
FROM cdb_members WHERE uid='852' AND password='52c69e3a57331099999991c4e69d3f2e' AND secques=''
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166766347' WHERE uid='852' AND lastupdate<='1166765747'
INSERT INTO cdb_onlinetime (uid, thismonth, total, lastupdate)
VALUES ('852', '10', '10', '1166766347')
DELETE FROM cdb_sessions WHERE sid='5sS9P0' OR lastactivity<(1166766347-900) OR ('852'<>'0' AND uid='852') OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166766347-60)
INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid)
VALUES ('5sS9P0', '127', '0', '0', '1', '852', 'testxx', '10', '1', '0', '1', '1166766347', '1166766347', '4097', '0', '0', '0')
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
